MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8eaa0f696a0b0ceb7cd81cdd10fca7b047e5f6abbd3d94e1f0fc3d8dc615f36c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8eaa0f696a0b0ceb7cd81cdd10fca7b047e5f6abbd3d94e1f0fc3d8dc615f36c
SHA3-384 hash: ba26d0a41342e8ced6a270eee48d37dee8fda623b98b7b9a2ce4f2aa9c97c48c21b2be82609e0ee6c187d8cffb922dc8
SHA1 hash: 2ccf9775b5a3c5f9692613f268f9472b85c5fe9f
MD5 hash: e7b85c59de2b2fbd4619a38fea80ec2a
humanhash: shade-north-artist-virginia
File name:ORDER7098EAR.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:458'502 bytes
First seen:2020-11-06 17:26:24 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:jr37I+4IIyekQevYd2Q3Pj0UQqrc3fzgPGgCi9Xog4SE:DI+4IfQeM2Q7CqkiGjaXz4SE
TLSH 8CA4234CA61D0C84272D59FAC9D6B47CE906FB23A01C2F118B969153D3F8E476ACBC74
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: dlveltex.co
Sending IP: 111.90.140.219
From: Michal <Michal@dlveltex.coM>
Subject: Attached selected items and confirmed copy of quotation for your reference.
Attachment: ORDER7098EAR.rar (contains "ORDER7098EAR.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8eaa0f696a0b0ceb7cd81cdd10fca7b047e5f6abbd3d94e1f0fc3d8dc615f36c/
Threat name:
ByteCode-MSIL.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2020-11-06 14:14:06 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r2va62lkbmgow7gydtorb7fhwbd6l5vlxu6zjypq7q6y3rqv6nwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 8eaa0f696a0b0ceb7cd81cdd10fca7b047e5f6abbd3d94e1f0fc3d8dc615f36c

(this sample)

Formbook

Executable exe 288e38a633a49c3a30c842250ef331f22201b2acee124e9b108d498b28cb2ba3

  
Dropping
MD5 47df00e7f84c73c36638d2782ac7dd54
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 288e38a633a49c3a30c842250ef331f22201b2acee124e9b108d498b28cb2ba3

Comments